Privacy Policy

Vineyard Digital Marketing System

Privacy Policy (UK)

Effective date: 22 January 2026
Trading name: Wicko Design
Legal entity: Wicko Web and Design Ltd (Company No. 12823561)
Registered office: 124 City Road, London, EC1V 2NX, United Kingdom
Contact: [email protected] | +44 1184 029 000 | https://marketing.wickodesign.com/vineyard-digital-marketing

This Privacy Policy explains how Wicko Design (Wicko Web and Design Ltd) (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you visit our website, contact us, or use our Vineyard Digital Marketing System (the “Service”).

If you are a vineyard/winery using the Service, you may also be collecting personal data from your own customers/guests. In most cases, you will be the Data Controller for your customer data, and we will act as a Data Processor on your instructions (see Section 7).

1) Who this policy applies to

This policy applies to:

  • Visitors to our website(s) and landing pages

  • Prospective clients contacting us about the Service

  • Clients (vineyards/wineries) using the Service

  • Individuals whose personal data is processed within a client’s account (e.g., guests booking tastings/accommodation/events, wine purchasers, email/SMS recipients)

2) The personal data we collect

Depending on how you interact with us and the Service, we may collect:

A) Identity and contact data

  • Name, business name, job title

  • Email address, phone number

  • Billing address (business), VAT details (if provided)

B) Account and service data

  • Login/user details (for client users)

  • Notes and records added to the CRM (e.g., guest preferences, booking notes)

  • Booking and appointment details (e.g., tasting date/time, accommodation dates, group size)

  • Communication history (email/SMS/WhatsApp messages and timestamps)

C) Transaction data

  • Payment status, invoice references, subscription details

  • For card payments, payment processing is handled by third-party providers (e.g., Stripe). We do not store full card details.

D) Technical and usage data

  • IP address, device information, browser type

  • Website usage data (pages visited, referrals)

  • Cookies and tracking technologies (see Section 10)

E) Marketing and preference data

  • Marketing preferences and opt-in/opt-out records

  • Communication consent status (where applicable)

Special category data: We do not require special category data (e.g., health data). If you or your guests choose to share it (e.g., accessibility or dietary requirements), you should avoid providing more than necessary. Where such data is processed, it will be handled with additional care and appropriate controls.

3) How we collect personal data

We collect personal data via:

  • Website forms, enquiry forms, demo booking forms

  • Emails, phone calls, messaging

  • Service usage (CRM entries, bookings, automations)

  • Cookies and analytics tools

  • Integrations you enable (e.g., calendars, ecommerce platforms, accounting tools)

4) How we use personal data (purposes)

We use personal data to:

  • Provide, operate, and support the Service (CRM, booking, automations, reporting)

  • Set up accounts, configure features, and provide onboarding/training

  • Process subscriptions, invoices, and payments

  • Send service communications (e.g., system notices, support responses)

  • Improve and secure the Service (performance monitoring, fraud prevention)

  • Send marketing communications (where you have consented or where legitimate interests apply)

  • Comply with legal obligations (e.g., accounting and tax requirements)

5) Lawful bases for processing (UK GDPR)

We rely on one or more of the following lawful bases:

  • Contract: to provide the Service and manage our client relationship

  • Legitimate interests: to run and improve our business, keep systems secure, prevent fraud, and communicate with business contacts in a proportionate way

  • Consent: for marketing communications and certain cookies/tracking where required

  • Legal obligation: to meet accounting, tax, and regulatory requirements

Marketing by email/SMS/WhatsApp: We only send marketing where we have the appropriate legal basis (consent or PECR-compliant soft opt-in where applicable). You can opt out at any time (see Section 9).

6) How we share personal data

We may share personal data with:

A) Platform and infrastructure providers (sub-processors)

  • GoHighLevel (GHL) and its infrastructure/white-label components that host the core Service functionality

  • Messaging providers used for SMS/WhatsApp/voice delivery (where enabled)

  • Email sending providers (where enabled)

  • Cloud hosting, logging, and security providers needed to run the Service

B) Payment and billing providers

  • Stripe (for card payments and related processing), and banking providers for transfers

C) Integrations you enable

  • Calendar providers (e.g., Google/Microsoft)

  • Ecommerce platforms (e.g., WooCommerce, Shopify)

  • Accounting platforms (e.g., Xero/QuickBooks via connectors)

  • Analytics tools (e.g., Google Analytics) where used on our websites

D) Professional and legal

  • Accountants, legal advisers, insurers, and regulators when necessary

We only share data as needed for the purposes described in this policy and expect third parties to protect data appropriately.

7) Controller vs Processor (important for vineyards using the Service)

When you are a client (vineyard/winery)

For your customer/guest data stored in your Service account:

  • You are usually the Data Controller (you decide what data is collected and why).

  • We are usually the Data Processor (we process data on your instructions to provide the Service).

This means you are responsible for:

  • Providing privacy information to your guests/customers

  • Collecting valid consent where required (especially for marketing and SMS/WhatsApp)

  • Managing retention and deletion policies in line with your legal requirements

We can provide a Data Processing Agreement (DPA) on request.

8) International data transfers

Some of our providers may process data outside the UK. Where international transfers occur, we use appropriate safeguards such as:

  • UK adequacy regulations (where applicable)

  • UK International Data Transfer Agreement (IDTA) and/or Addendum to EU SCCs

  • Additional security measures where required

9) Marketing preferences and opt-out

You can opt out of marketing at any time by:

  • Clicking “unsubscribe” in emails

  • Following opt-out instructions in SMS/WhatsApp messages (e.g., “STOP”)

  • Contacting us at [email protected]

Service messages (billing notices, password resets, important operational updates) are not marketing and may still be sent as needed.

10) Cookies and analytics

Our website may use cookies and similar technologies to:

  • Make the site work properly (essential cookies)

  • Understand website usage and performance (analytics)

  • Support marketing and conversion tracking (where used and permitted)

Where required by law, we will request consent for non-essential cookies via a cookie banner/preferences tool.

You can manage cookies via your browser settings and (where available) our cookie preferences centre.

11) Data retention

We keep personal data only as long as necessary for the purposes described, including:

  • While you have an active account/subscription

  • For a reasonable period after termination to handle queries, exports, and compliance

  • As required for legal/accounting obligations (e.g., invoices)

Retention periods may vary depending on the type of data and our legal obligations. Clients using the Service control retention of their own customer/guest data, subject to their own policies and legal requirements.

12) Security

We take reasonable technical and organisational measures to protect personal data, including access controls and security practices appropriate to the nature of the Service.

You are responsible for:

  • Keeping usernames/passwords secure

  • Using role-based access for staff

  • Reviewing permissions for integrations and connected services

No method of transmission/storage is 100% secure, but we work to reduce risk and respond appropriately to incidents.

13) Your rights (UK GDPR)

Depending on the circumstances, you may have rights to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion (where applicable)

  • Restrict or object to processing

  • Data portability (where applicable)

  • Withdraw consent (where processing is based on consent)

  • Lodge a complaint with the UK data protection regulator (see Section 15)

To exercise rights, contact: [email protected]
We may need to verify your identity before responding.

Note for guests/customers of vineyards: If your data is held within a vineyard’s account, you may need to contact that vineyard (the Controller) directly. We can assist the Controller as Processor.

14) Children and age-restricted products

The Service may be used by businesses that sell alcohol. The Service is not intended for children and should not be used to knowingly collect data from individuals under the legal age for alcohol purchase in the relevant jurisdiction. Clients are responsible for implementing appropriate age-gating and compliance.

15) Complaints

If you have concerns, please contact us first at [email protected] and we will try to resolve them.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK regulator for data protection).

16) Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in legal requirements, our practices, or the Service. We will post the latest version on our website with an updated effective date.

17) Contact us

For privacy questions or requests:
Email: [email protected]
Post: Wicko Web and Design Ltd, 124 City Road, London, EC1V 2NX, United Kingdom

Get In Touch

Subscribe Now

Contact

07717 567560

Reach Us

Copyright © 2026. David Wickstead - Wicko. All rights reserved.